This page explains how to use the parse_path function in APL.
Use the parse_path function to extract structured components from file paths, URIs, or URLs in your log and trace data. This function is useful when you want to decompose a full path into individual segments such as the directory, filename, extension, or query parameters for easier filtering, aggregation, or analysis.
You typically use parse_path in log analysis, OpenTelemetry traces, and security investigations to understand which resources are being accessed, identify routing patterns, or isolate endpoints with high error rates. It simplifies complex string parsing tasks and helps you normalize paths for comparisons and reporting.
For users of other query languages
If you come from other query languages, this section explains how to adjust your existing queries to achieve the same results in APL.
Usage
Syntax
Parameters
| Name | Type | Description |
|---|---|---|
| source | string | A string representing a path, file URI, or full URL. |
Returns
Returns a dynamic object with the following fields:
- Scheme
- RootPath
- DirectoryPath
- DirectoryName
- Filename
- Extension
- AlternateDataStreamName
Use case example
Extract endpoint directories and file extensions from HTTP request URIs.
Query
Output
| _time | path_parts |
|---|---|
| Jun 11, 10:39:16 | { “Filename”: “users”, “RootPath”: "", “Scheme”: "", “AlternateDataStream”: "", “DirectoryName”: “messages”, “DirectoryPath”: “/api/v1/messages”, “Extension”: "" } |
| Jun 11, 10:39:16 | { “Scheme”: "", “AlternateDataStream”: "", “DirectoryName”: “background”, “DirectoryPath”: “/api/v1/textdata/background”, “Extension”: "", “Filename”: “change”, “RootPath”: "" } |
| Jun 11, 10:39:16 | { “Filename”: “users”, “RootPath”: "", “Scheme”: "", “AlternateDataStream”: "", “DirectoryName”: “textdata”, “DirectoryPath”: “/api/v1/textdata”, “Extension”: "" } |
This query helps you identify which directories and file types receive the most traffic.